mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-06-04 05:03:20 +03:00
implementation of HEAD/Range methods
This commit is contained in:
Miroslav Stampar
parent
b745331974
commit
1741801ade
lib/request
|
|
@ -30,7 +30,7 @@ from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.session import setMatchRatio
|
from lib.core.session import setMatchRatio
|
||||||
|
|
||||||
def comparison(page, headers=None, getSeqMatcher=False):
|
def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
|
||||||
regExpResults = None
|
regExpResults = None
|
||||||
|
|
||||||
# String to be excluded before calculating page hash
|
# String to be excluded before calculating page hash
|
||||||
|
|
@ -79,8 +79,13 @@ def comparison(page, headers=None, getSeqMatcher=False):
|
||||||
if conf.seqLock:
|
if conf.seqLock:
|
||||||
conf.seqLock.acquire()
|
conf.seqLock.acquire()
|
||||||
|
|
||||||
conf.seqMatcher.set_seq2(page)
|
if not conf.eRegexp and not conf.eString and kb.nullConnection:
|
||||||
ratio = round(conf.seqMatcher.ratio(), 3)
|
ratio = 1. * pageLength / len(conf.seqMatcher.a)
|
||||||
|
if ratio > 1.:
|
||||||
|
ratio = 1. / ratio
|
||||||
|
else:
|
||||||
|
conf.seqMatcher.set_seq2(page)
|
||||||
|
ratio = round(conf.seqMatcher.ratio(), 3)
|
||||||
|
|
||||||
if conf.seqLock:
|
if conf.seqLock:
|
||||||
conf.seqLock.release()
|
conf.seqLock.release()
|
||||||
|
|
|
||||||
|
|
@ -69,17 +69,17 @@ class Connect:
|
||||||
delay = 0.00001 * (conf.cpuThrottle ** 2)
|
delay = 0.00001 * (conf.cpuThrottle ** 2)
|
||||||
time.sleep(delay)
|
time.sleep(delay)
|
||||||
|
|
||||||
url = kwargs.get('url', conf.url).replace(" ", "%20")
|
url = kwargs.get('url', conf.url).replace(" ", "%20")
|
||||||
get = kwargs.get('get', None)
|
get = kwargs.get('get', None)
|
||||||
post = kwargs.get('post', None)
|
post = kwargs.get('post', None)
|
||||||
method = kwargs.get('method', None)
|
method = kwargs.get('method', None)
|
||||||
cookie = kwargs.get('cookie', None)
|
cookie = kwargs.get('cookie', None)
|
||||||
ua = kwargs.get('ua', None)
|
ua = kwargs.get('ua', None)
|
||||||
direct = kwargs.get('direct', False)
|
direct = kwargs.get('direct', False)
|
||||||
multipart = kwargs.get('multipart', False)
|
multipart = kwargs.get('multipart', False)
|
||||||
silent = kwargs.get('silent', False)
|
silent = kwargs.get('silent', False)
|
||||||
raise404 = kwargs.get('raise404', True)
|
raise404 = kwargs.get('raise404', True)
|
||||||
auxHeaders = kwargs.get('auxHeaders', None)
|
auxHeaders = kwargs.get('auxHeaders', None)
|
||||||
|
|
||||||
page = ""
|
page = ""
|
||||||
cookieStr = ""
|
cookieStr = ""
|
||||||
|
|
@ -277,7 +277,7 @@ class Connect:
|
||||||
return page, responseHeaders
|
return page, responseHeaders
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=dict()):
|
def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=None):
|
||||||
"""
|
"""
|
||||||
This method calls a function to get the target url page content
|
This method calls a function to get the target url page content
|
||||||
and returns its page MD5 hash or a boolean value in case of
|
and returns its page MD5 hash or a boolean value in case of
|
||||||
|
|
@ -287,10 +287,12 @@ class Connect:
|
||||||
if conf.direct:
|
if conf.direct:
|
||||||
return direct(value, content)
|
return direct(value, content)
|
||||||
|
|
||||||
get = None
|
get = None
|
||||||
post = None
|
post = None
|
||||||
cookie = None
|
cookie = None
|
||||||
ua = None
|
ua = None
|
||||||
|
page = None
|
||||||
|
pageLength = None
|
||||||
|
|
||||||
if not place:
|
if not place:
|
||||||
place = kb.injPlace
|
place = kb.injPlace
|
||||||
|
|
@ -310,13 +312,27 @@ class Connect:
|
||||||
if conf.safUrl and conf.saFreq > 0:
|
if conf.safUrl and conf.saFreq > 0:
|
||||||
kb.queryCounter += 1
|
kb.queryCounter += 1
|
||||||
if kb.queryCounter % conf.saFreq == 0:
|
if kb.queryCounter % conf.saFreq == 0:
|
||||||
Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua, auxHeaders=auxHeaders)
|
Connect.getPage(url=conf.safUrl, cookie=cookie, direct=True, silent=True, ua=ua)
|
||||||
|
|
||||||
page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method)
|
if not content and kb.nullConnection:
|
||||||
|
if kb.nullConnection == "HEAD":
|
||||||
|
_, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, silent=silent, method="HEAD", auxHeaders=auxHeaders)
|
||||||
|
pageLength = int(headers['Content-Length'])
|
||||||
|
elif kb.nullConnection == "Range":
|
||||||
|
if not auxHeaders:
|
||||||
|
auxHeaders = {}
|
||||||
|
auxHeaders["Range"] = "bytes=-1"
|
||||||
|
_, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders)
|
||||||
|
pageLength = int(headers['Content-Range'][headers['Content-Range'].find('/') + 1:])
|
||||||
|
else:
|
||||||
|
kb.nullConnection = None
|
||||||
|
page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders)
|
||||||
|
else:
|
||||||
|
page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders)
|
||||||
|
|
||||||
if content:
|
if content:
|
||||||
return page, headers
|
return page, headers
|
||||||
elif page:
|
elif pageLength or page:
|
||||||
return comparison(page, headers, getSeqMatcher)
|
return comparison(page, headers, getSeqMatcher, pageLength)
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user